Live from Comdex: Windows winners

By Brian Livingston

LAS VEGAS – PC Magazine announced here on Monday evening the latest winners of its annual Technical Excellence Awards, as it has done in a hotel auditorium at the Comdex computer show for many years. Comdex this time around was almost the smallest show ever – with the management actually charging $50 to $100 for some exhibit-only tickets, the registered crowd amounted to only about 50,000. That’s down from more than a quarter of a million before the dot-com bubble burst (although it seemed to me back then that the entire population of California had somehow been jammed into the exhibit halls and taxis).

The smaller army of gawkers, however, made Comdex more focused than before – I saw no sign of the La-Z-Boy recliners that were pitched to passing technology buyers in the past.

This clarity of purpose was evident in PC Mag’s awards, too. Despite the downturn in startups lately, the magazine’s editors managed to find plenty of new technology to bestow trophies to, including several that are of particular interest to Windows pros. The editor’s picks won’t appear in PC Mag until the Dec. 30 print edition of the publication, but here’s a peek at the best stuff right now:

SYSTEM SOFTWARE

Winner:
• VMWare ESX Server 2 and Virtual SMP. This software enables you to host up to eight different operating systems, including multiple copies of any single OS, on a single server. With its Virtual SMP add-on, you can allow any of the virtual servers to use the processing resources of two or more CPUs.

Runners-up:
• FSLogic Protect. This is a utility that’s useful to even more people than ESX Server, in my opinion. With Protect, you can let Windows users change settings as much as they want, but Protect reverts everything back to the original state at logoff time. Best of all, users can log back in and see exactly the same files and desktop the way they left it. Great for public PCs but also any office environment where different people use the same machine.
• Microsoft DirectX 9.

DEVELOPMENT TOOLS

Winner:
• BEA WebLogic Workshop 8.1. A development environment for J2EE that PC Mag said “hides the complexity without limiting the underlying power to develop Web services, Web applications, portals, and integration projects.”

Runners-up:
• Compuware DevPartner Studio 7.1.
• Sybase SQL Anywhere Studio 9.

STORAGE DEVICES

Winner:
• Cornice Storage Element. Pen drives that plug into any USB port are gaining higher capacities, but at ever-higher costs and ever-larger physical bulk. An alternative to Flash storage for these little devices is the new Cornice drive, a tiny, shock-resistant 1.5 GB hard disk that’s a mere 1 inch in diameter. A review in the Nov. 12 Wall Street Journal said a Cornice-based USB pen drive, the Digitalway MPIOHS100, will soon go on sale for little more than half the price of competing USB Flash-based pen drives with only 1.0 GB of capacity.

Runners-up:
• IBM Active Protection System. A motion sensor that temporarily parks a hard drive’s heads to protect your data if a shock, such as dropping a laptop, is detected.
• Sony DRU-500A Dual Format DVD Recorder. One of the first DVD burners that handles several incompatible formats: DVD-R, DVD+R, DVD-RW, and DVD+RW, as well as CD-R and CD-RW.

The magazine also handed out awards in the categories of personal computers, mobile devices, cameras, printers, components, protocols, collaboration software, and communications software. For the full list, see PC Magazine’s awards page. For the magazine’s judgment on the best new products showing at Comdex, visit the Comdex winners page.

Table of contents

EDITOR’S NOTE: In this issue, I bring you a special report on a flaw in Windows XP that apparently causes data corruption when Windows 2000 Server is deployed. The following article is by Brian’s Buzz readers Dan Michalski and Gordy Tobutt, who found that this problem occurs predictably – despite the fact that Microsoft states the problem was corrected in both Service Pack 3 and Service Pack 4 for Windows 2000 Server.

The problem, as the writers say below, occurs when SMB (Server Message Block) signing, a desirable security feature, is enabled on Windows 2000 Server or Windows NT Server. This feature is disabled by default, but it is often enabled by administrators, and some or all versions of Symantec’s Norton Antivirus silently turn it back on in Windows 2000 Server, making XP workstations vulnerable again.

The following analysis is based on extensive testing of numerous combinations of systems, some of which are affected and some of which are not. If you use XP, I urge you to check any affected systems in your company to see if they’re suffering from this problem. –Brian Livingston

The problem with delayed-write errors in Windows XP

by Dan Michalski, Product Specialist
and Gordy Tobutt, Senior Software Developer
Tangent Systems Inc. (Tangent-Systems.com)

The following article was written in response to a complaint by one of our customers about data loss that accompanied “delayed-write failures” when they migrated our software from workstations running Windows NT 4.0 SP 6a to workstations running Windows XP SP1. In both cases, the server at the customer site was running Windows 2000 Server. As we did in-house testing, we tried various service pack configurations on a Windows 2000 Server, as detailed below, as well as on an NT 4.0 Server with SP4.

The Symptoms

There are a nearly infinite number of problems these delayed-write failures may cause for our product (or any other product). Of course, the primary symptom we are targeting is data loss error when performing rapid additions to database tables (.DBF in this case). But we have every reason to believe that the delayed write failures can affect people in other high-I/O contexts as well. For example, one developer was able to induce a failure during a data recovery operation, leaving database files and indices out of synchronization.

The database update process probably just triggers the problem because it involves a good burst of file I/O. Since the failure can occur at nearly any point of the process, the trail of evidence can appear very inconsistent. Sometimes, our program will actually terminate with an exception error, but often it does not. Sometimes the activity log will appear as if everything is all right, even though there was a failure. The errors usually indicate that a previous process failed, but I have seen that they can also occasionally appear if there is a delayed-write failure during the current process.

The Problem

The primary error in question is the delayed-write failure, shown in the Event Viewer with a source of MrxSmb and an Event ID of 50. This particular variation of the delayed-write failures, caused by SMB signing, is a known Microsoft problem. The log entries will sometimes refer to a specific file, but other times just refer to DeviceLanmanRedirector. The final identifying characteristic is that the last word of the error description when viewed as data type Words displays a status code of c000020c. Here is a Microsoft link relating to the problem:

http://support.microsoft.com/?scid=kb;en-us;293842

Now, despite these assertions from Microsoft, the problem clearly was NOT fixed in Windows 2000 Server Service Pack 3. I was able to confirm this through testing, and I am not the only one to reach this conclusion (see below).

The Culprit

The problem can occur when a particular feature is enabled on the server: SMB signing. SMB signing is a security feature intended to help keep hackers from hijacking open sessions or sniffing passwords. It also incurs a performance penalty on both the servers and the workstations by taxing the CPUs (10% to 15% by Microsoft’s estimate).

On the server, SMB signing is controlled by the following registry entry:

HKEY_LOCAL_MACHINESystemCurrentControlSetServices
LanmanserverParametersenablesecuritysignature

If this parameter is set to 1 (enabling SMB signing), these problems may arise (again, only with certain workstation/server combinations). If this parameter is set to 0 (disabling SMB signing), the problem goes away, and 0 is indeed the default setting. Note that there are also workstation-side registry entries that control whether this feature is enabled and/or required.

As mentioned in the following link, some or all versions of Norton Antivirus will enable SMB signing, triggering the problem:

http://www.appliedsystems.com/SRVS/CGI-BIN/WEBCGI.EXE/,/?St=30,E=0000000000004150979,K=708,Sxi=1,Case=obj(17392)

Our customer had this enabled. It may have been enabled by Norton Antivirus, unbeknownst to them (as it was to us). Or, it may be a corporate security policy. My testing also directly confirms the assertion in the above link that, despite the fact the Microsoft claims to have fixed the c000020c-type delayed write problems in Service Pack 3, this is clearly not true.

Test Methodology

One of our developers was originally able to replicate the problem by running a database update of a large number of items (i.e., 90,000) while also running Windows Explorer and performing refreshes to watch the files being updated. I stuck with this proven method so that I could change various workstation and server conditions to see if the problem would go away. While the update was running, I would go to Windows Explorer to look at the progress of the file updates in the DATA directory, sort the column to display the most recently updated files first, and periodically press F5 to refresh.

It is important to note that it never failed, for whatever reason, if I did nothing other than watch the update run. What is it about a little additional activity from Explorer that precipitates the error? I’ve no idea. I certainly would not assume that using Explorer is the only way to create the problem, though. It may well also be a function of server or workstation capability and activity.

Server Notes

• The problem does not seem to happen at all on a NetWare 5 server (using an XP workstation).

• The problem does clearly happen on a Windows NT SP 5 server (using an XP workstation) with SMB signing enabled.

• The problem does clearly happen on a Windows 2000 server (no SP or SP3) with SMB signing enabled. The problem was clearly worse (easier to make happen) for some reason on the 2000 server than it was on the NT server.

• The problem seemed to go away on a Windows 2000 server with SP4, with the following caveat: Though it took a while to happen, I was eventually able to get a different variant of the delayed write failure (now the c000022c) on the SP4 system. Note that, once again, this directly contradicts Microsoft’s assertions that c000022c-type problems are fixed in SP4:

http://support.microsoft.com/?scid=kb;en-us;321733

So, I would not recommend presenting SP4 as a fix on its own, though SP4 may well be fine if SMB security signature is disabled.

Workstation Notes

• The problem did not seem to happen from a Windows NT workstation, regardless of the server. This is probably only true unless someone has gone out of their way to enable SMB signing on the NT workstation. The feature was made available in NT SP3, but was disabled by default and only enabled by an obscure registry entry (different from the one used on Windows 2000 and XP).

• The problem did not seem to happen if the workstation was Windows 2000 SP4, regardless of the server (this was a bit surprising).

• The problem clearly happens on XP workstations when using SMB signing with an affected server.

Comments

• While I’m betting that disabling SMB signing would eliminate many problems at our customer site, that’s not to say it will eliminate them 100%. There may still be occasional network hiccups, software holes, or operator-induced scenarios.

• We are probably very fortunate that our customer’s image scanner controllers were never upgraded to XP, as these generate huge bursts of server I/O traffic. I’m afraid recovery would be getting a real workout. I feel it is essential that this issue be addressed before upgrading those units to XP.

• Take your pick: A secure network operating system or one that works.

I’ve asked Microsoft to comment on the contention that Service Packs 3 and 4 for Windows 2000 do not completely eliminate the delayed-write errors when XP is used as the workstation. By press time, I hadn’t received an official response. I’m hopeful that a Microsoft spokesperson may have a reply in time for the next issue of Brian’s Buzz, scheduled for publication on Dec. 4.

In the meantime, I’m eager to hear from other readers who have experience with this data-integrity issue. If your comment is printed, I’ll give you credit or guarantee your anonymity, as you prefer. Send comments using WindowsSecrets.com/contact. Thanks in advance. –Brian Livingston

Table of contents

In keeping with its new policy of trying to release new security patches only once a month instead of weekly (as I described in a special report in the Nov. 6 paid version of Brian’s Buzz), Microsoft on Nov. 11 released two Windows patches rated “critical” and one rated “important.”

As we now know, the first month of Microsoft’s new policy was marred by the software giant being forced to re-issue several of its October patches, including one patch that was re-released twice. I reported on this problem in “Patches That Patch,” my Nov. 17 column for eWeek.

Despite the confusion, Windows pros need to be aware of and act upon security bulletins as soon as they emerge. It’s been reported that exploit code that takes advantage of one of the security holes described below was posted on a hacker site only one day after Microsoft announced the vulnerability. This kind of exploit used to require weeks of hacker development work.

Here’s an overview of the latest batch of new patches for November:

MS03-048: Cumulative patch for IE 6
Security bulletin MS03-048 (824145) rolls up several security patches for Internet Explorer 5.01 and higher, and is needed on Windows Server 2003 as well as all previous versions of Windows. This patch eliminates the need to install the older MS03-040 rollup and several other, minor patches. It closes security holes that, among other things, would allow an attacker to run a program on a remote machine by sending an e-mail message or getting the user to visit a malicious Web site.
This patch, which is rated “critical” and is certainly important to install, does have minor negative side-effects. After installation, clicking a blank area of the vertical scroll bar results in the Explorer window scrolling up or down two screenfuls instead of one. In addition, clicking an empty scrollbar area deselects any selected text in the window. Finally, the patch breaks the HTML commands resizeBy, resizeTo, moveBy, and moveTo, causing an “Access Denied” error in Explorer, according to eWeek.

Until Microsoft releases an updated patch, the double-scroll behavior can be worked around by clicking an empty area of the scrollbar that is near to the scrollbar “thumb.” This scrolls the window one screenful, as expected. Clicking the arrows at the top and bottom of the scrollbar also continues to work normally after the patch is installed.

Additionally, MS03-04 breaks Windows Help unless you first install Microsoft’s HTML Help update from Knowledge Base article 811630. One Brian’s Buzz reader has also reported that installing MS03-048 permanently deleted all of the Outlook Express e-mails from his message-store files (see the Hot Tips section, part 1, above).

Obtain the patch and more information from MS03-048.

MS03-049: Attacker can exploit Workstation service
Also rated “critical,” MS03-049 (828749) closes a security flaw in Windows 2000 (SP 2, 3, or 4) and XP. It does not affect Windows 2000 Server, XP 64-Bit Edition, Me, NT, or Server 2003.
The hole allows a malicious hacker to remotely exploit Windows’ Workstation service, gaining full admnistrative privileges.

As explained in the security bulletin, the hole in Windows 2000 is closed by installing MS03-048, while the hole in Windows XP is closed by installing the earlier MS03-043 (828035). Read the More info.

MS03-050: Updated patch fixes certificate flaw
Rated “important,” MS03-050 (329115) has been revised several times. The original vulnerability, which involves digital certificates on every version of Windows prior to Server 2003 (as well as Microsoft Office, IE, and Outlook Express on the Mac) was dealt with by a patch released in September 2002. MS03-050 is the November 2003 version of the patch that corrects this and other problems.
The release of MS03-050 as part of Microsoft’s regular monthly batch of patches on Nov. 11 was replaced by a new, improved MS03-050 patch on Nov. 20 (today). The Nov. 11 version of the patch didn’t work correctly with Microsoft-issued digital certificates. The Nov. 20 version does. More info

Other significant bulletins:

Office 2003 documents opened in Office 2000 become damaged
Files saved using Word 2003, Excel 2003, or PowerPoint 2003 may develop a problem if subsequently opened in a Microsoft Office 2000 application. When trying to open ther affected files, the Office 2003 apps may report that they’re missing graphics or other portions of a document. Microsoft released an Office 2003 Critical Update on Nov. 4, as described in Knowledge Base article 828041.

Table of contents

Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody LLC. All other marks are the trademarks or service marks of their respective owners.

Your email subscription:

Subscription help: customersupport@askwoody.com

Plus Membership

Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.

AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.

Welcome to our unique respite from the madness.

It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.

Live from Comdex: Windows winners

Plus Membership

Search Newsletters

Search Forums

View the Forum

Search for Topics

Recent Topics

Recent blog posts

My Profile

Key Links

Remembering Woody

Live from Comdex: Windows winners

In this issue